Assuming Users

Assuming users allows users with either the Superuser or Assume User privilege to "take control" of other users. This means they can look into the personal account settings of those other users in order to diagnose improper configurations and troubleshoot issues.

In order to assume another user, you must have either the Super User or AssumeUser privilege. For more information, see Privileges.

As a user with the correct privilege:

Go to to Users > All Users, and select the user you want to assume.

Select More Actions>Assume User.Before you assume a user, you must give a reason why the user is being assumed. This will be recorded in Activity > Reports.When you assume a user, several things happen.

The user interface switches to the assumed user’s point of view.

An event is created, recording that you assumed the other user.

Every audited operation performed by an assuming user will be identified as such in the event log (Activity > Events). If you click on the event, you can see who assumed the user. You can also report on all events performed in an assumed state and view the assuming user.

Every audited operation performed by an assuming user will be indicated by an asterisk (*) on the Activity tab on the assumed user's record (All Users > select user > Activity tab).

When you are done with the user, you can either sign out or revert back to your original using the user’s drop-down menu at the top.

Disabled Features During Assumed Use

Several features are disabled while you have assumed another user.

Passwords for apps using form-based authentication cannot be revealed.

Application sign-in is disabled.

Federated search is disabled.

Secure notes are not visible.

These features are disabled in order to ensure data privacy. You can enable sign-in while assuming a user on an app-by-app basis by navigating to the application’s SSO tab and then enabling Allow assumed users to sign into this app.

Note: 'Allow assumed users to sign into this app' can only be configured by the Account Owner.

Restricting Use of the Assume Function

The account owner can can restrict the use of the assume function in a couple of ways via Settings > Account settings.

Clearing the Allow assuming users setting disables the assume function for all users in OneLogin. Clearing the Allow external assuming setting prevents OneLogin’s support staff from assuming a user in your account. Letting OneLogin support assume a user can be very useful when they need to help you troubleshoot configuration issues.

Note: OneLogin staff cannot reveal passwords or sign into any of your applications.